On 5/13/2024 8:33 PM, Daniel P. Berrangé wrote:
Validate that it is possible to pass 'parameter=1' for any SMP topology
parameter, since unsupported parameters are implicitly considered to
always have a value of 1.
Signed-off-by: Daniel P. Berrangé
---
tests/unit/test-smp-parse.c | 8
On 4/26/2024 6:07 PM, Zhao Liu wrote:
Update the comment to match the X86ConfidentialGuestClass
implementation.
Suggested-by: Xiaoyao Li
I think it should be "Reported-by"
Signed-off-by: Zhao Liu
---
target/i386/confidential-guest.h | 2 +-
1 file changed, 1 insertion(+),
On 4/25/2024 6:29 PM, Zhao Liu wrote:
On Thu, Apr 25, 2024 at 04:40:10PM +0800, Xiaoyao Li wrote:
Date: Thu, 25 Apr 2024 16:40:10 +0800
From: Xiaoyao Li
Subject: Re: [PATCH for-9.1 0/7] target/i386/kvm: Cleanup the kvmclock
feature name
On 4/25/2024 3:17 PM, Zhao Liu wrote:
Hi Xiaoyao
On 4/25/2024 3:17 PM, Zhao Liu wrote:
Hi Xiaoyao,
On Wed, Apr 24, 2024 at 11:57:11PM +0800, Xiaoyao Li wrote:
Date: Wed, 24 Apr 2024 23:57:11 +0800
From: Xiaoyao Li
Subject: Re: [PATCH for-9.1 0/7] target/i386/kvm: Cleanup the kvmclock
feature name
On 3/29/2024 6:19 PM, Zhao Liu wrote
On 3/29/2024 6:19 PM, Zhao Liu wrote:
From: Zhao Liu
Hi list,
This series is based on Paolo's guest_phys_bits patchset [1].
Currently, the old and new kvmclocks have the same feature name
"kvmclock" in FeatureWordInfo[FEAT_KVM].
When I tried to dig into the history of this unusual naming
On 3/29/2024 6:19 PM, Zhao Liu wrote:
From: Zhao Liu
These 2 MSRs have been already defined in the kvm_para header
(standard-headers/asm-x86/kvm_para.h).
Remove QEMU local definitions to avoid duplication.
Signed-off-by: Zhao Liu
Reviewed-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 3
On 3/29/2024 6:19 PM, Zhao Liu wrote:
From: Zhao Liu
Add feature definiations for KVM_CPUID_FEATURES in CPUID (
CPUID[4000_0001].EAX and CPUID[4000_0001].EDX), to get rid of lots of
offset calculations.
Signed-off-by: Zhao Liu
---
hw/i386/kvm/clock.c | 5 ++---
target/i386/cpu.h |
On 4/23/2024 11:09 PM, Paolo Bonzini wrote:
+
+/**
+ * x86_confidential_guest_kvm_type:
+ *
+ * Calls #X86ConfidentialGuestClass.unplug callback of @plug_handler.
the comment needs to be updated:
Calls #X86ConfidentialGuestClass.kvm_type() callback
+ */
+static inline int
this is just a cleanup, so keep the function static.
Signed-off-by: Sean Christopherson
Signed-off-by: Xiaoyao Li
Message-ID: <20240229063726.610065-23-xiaoyao...@intel.com>
Reviewed-by: Xiaoyao Li
Signed-off-by: Paolo Bonzini
---
target/i386/kvm/kvm.c
On 4/16/2024 4:32 PM, Chenyi Qiang wrote:
On 2/29/2024 2:36 PM, Xiaoyao Li wrote:
Current KVM doesn't support PMU for TD guest. It returns error if TD is
created with PMU bit being set in attributes.
Disable PMU for TD guest on QEMU side.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm
On 4/3/2024 11:12 PM, Igor Mammedov wrote:
On Wed, 3 Apr 2024 10:59:53 -0400
Xiaoyao Li wrote:
A value 1 of PCAT_COMPAT (bit 0) of MADT.Flags indicates that the system
also has a PC-AT-compatible dual-8259 setup, i.e., the PIC.
When PIC is not enabled (pic=off) for x86 machine
-by: Xiaoyao Li
---
changes in v2:
- Clarify more in commit message;
---
hw/i386/acpi-common.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hw/i386/acpi-common.c b/hw/i386/acpi-common.c
index 20f19269da40..0cc2919bb851 100644
--- a/hw/i386/acpi-common.c
+++ b/hw/i386/acpi-common.c
On 4/2/2024 10:31 PM, Michael S. Tsirkin wrote:
On Tue, Apr 02, 2024 at 09:18:44PM +0800, Xiaoyao Li wrote:
On 4/2/2024 6:02 PM, Michael S. Tsirkin wrote:
On Tue, Apr 02, 2024 at 04:25:16AM -0400, Xiaoyao Li wrote:
Set MADT.FLAGS[bit 0].PCAT_COMPAT based on x86ms->pic.
Signed-off-by: Xiao
On 4/2/2024 6:02 PM, Michael S. Tsirkin wrote:
On Tue, Apr 02, 2024 at 04:25:16AM -0400, Xiaoyao Li wrote:
Set MADT.FLAGS[bit 0].PCAT_COMPAT based on x86ms->pic.
Signed-off-by: Xiaoyao Li
Please include more info in the commit log:
what is the behaviour you observe, why it is wrong,
Set MADT.FLAGS[bit 0].PCAT_COMPAT based on x86ms->pic.
Signed-off-by: Xiaoyao Li
---
hw/i386/acpi-common.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hw/i386/acpi-common.c b/hw/i386/acpi-common.c
index 20f19269da40..0cc2919bb851 100644
--- a/hw/i386/acpi-commo
this is just a cleanup, so keep the function static.
Signed-off-by: Sean Christopherson
Signed-off-by: Xiaoyao Li
Message-ID: <20240229063726.610065-23-xiaoyao...@intel.com>
[Unify error reporting, rename function. - Paolo]
Signed-off-by: Paolo Bonzini
---
target/i386/kvm/kvm.c
On 3/21/2024 2:12 AM, Isaku Yamahata wrote:
On Wed, Mar 20, 2024 at 03:39:44AM -0500,
Michael Roth wrote:
TODO: make this SNP-specific if TDX disables legacy ROMs in general
TDX disables pc.rom, not disable isa-bios. IIRC, TDX doesn't need pc pflash.
Not TDX doesn't need pc pflash, but
viewed-by: Xiaoyao Li
---
v4->v5:
- move here all non-KVM parts
- add compat property and support for special value "-1" (accelerator
defines value)
target/i386/cpu.h | 1 +
hw/i386/pc.c | 4 +++-
target/i386/cpu.c | 22 ++
3 files changed, 26 insert
On 3/23/2024 2:11 AM, Paolo Bonzini wrote:
So far, KVM has allowed KVM_GET/SET_* ioctls to execute even if the
guest state is encrypted, in which case they do nothing. For the new
API using VM types, instead, the ioctls will fail which is a safer and
more robust approach.
The new API will be
On 3/23/2024 2:11 AM, Paolo Bonzini wrote:
From: Xiaoyao Li
KVM side leaves the memory to shared by default, while may incur the
/s/while/which/
fix typo from myself.
overhead of paging conversion on the first visit of each page. Because
the expectation is that page is likely to private
, the original shared
memory can be discarded via ram_block_discard_range(). Note, shared
memory can be discarded only when it's not back'ed by hugetlb because
hugetlb is supposed to be pre-allocated and no need for discarding.
Signed-off-by: Chao Peng
Co-developed-by: Xiaoyao Li
Signed-off
in the future in order to suppor migration).
From that point, skip reading registers so that cpu->vcpu_dirty is
never true: if it ever becomes true, kvm_arch_put_registers() will
fail miserably.
Signed-off-by: Paolo Bonzini
Reviewed-by: Xiaoyao Li
Reviewed-by: Xiaoyao Li
On 3/19/2024 9:59 PM, Paolo Bonzini wrote:
Introduce a common superclass for x86 confidential guest implementations.
It will extend ConfidentialGuestSupportClass with a method that provides
the VM type to be passed to KVM_CREATE_VM.
Signed-off-by: Paolo Bonzini
Reviewed-by: Xiaoyao Li
On 3/19/2024 9:59 PM, Paolo Bonzini wrote:
From: Xiaoyao Li
KVM is introducing a new API to create confidential guests, which
will be used by TDX and SEV-SNP but is also available for SEV and
SEV-ES. The API uses the VM type argument to KVM_CREATE_VM to
identify which confidential computing
On 3/21/2024 1:08 AM, Paolo Bonzini wrote:
On Wed, Mar 20, 2024 at 10:59 AM Paolo Bonzini wrote:
I will now focus on reviewing patches 6-20. This way we can prepare a
common tree for SEV_INIT2/SNP/TDX, for both vendors to build upon.
Ok, the attachment is the delta that I have. The only
On 3/19/2024 10:14 AM, Wang, Lei wrote:
On 2/29/2024 14:36, Xiaoyao Li wrote:
From: Chao Peng
When geeting KVM_EXIT_MEMORY_FAULT exit, it indicates userspace needs to
do the memory conversion on the RAMBlock to turn the memory into desired
attribute, i.e., private/shared.
Currently only
On 3/20/2024 4:39 PM, Michael Roth wrote:
TODO: squash into "kvm: handle KVM_EXIT_MEMORY_FAULT"
qemu_host_page_size has been superseded by qemu_real_host_page_size()
in newer QEMU, so update the patch accordingly.
I found it today as well when rebase to qemu v9.0.0-rc0.
Fix it locally, will
On 3/19/2024 10:03 AM, Wang, Lei wrote:
On 2/29/2024 14:36, Xiaoyao Li wrote:> Introduce the helper functions to set
the attributes of a range of
memory to private or shared.
This is necessary to notify KVM the private/shared attribute of each gpa
range. KVM needs the information to dec
On 3/20/2024 5:37 PM, David Hildenbrand wrote:
On 20.03.24 09:39, Michael Roth wrote:
From: Xiaoyao Li
When memory page is converted from private to shared, the original
private memory is back'ed by guest_memfd. Introduce
ram_block_discard_guest_memfd_range() for discarding memory
gt;host_phys_bits && cpu->host_phys_bits_limit &&
cpu->guest_phys_bits > cpu->host_phys_bits_limt)
{
}
Simpler, we can guard with cpu->phys_bits like below, because
cpu->host_phys_bits_limit is used to guard cpu->phys_bits in
host_cpu_realizefn()
if (cpu-
On 3/19/2024 11:08 PM, Pawan Gupta wrote:
On Tue, Mar 19, 2024 at 12:22:08PM +0800, Xiaoyao Li wrote:
On 3/13/2024 10:53 PM, Pawan Gupta wrote:
Register File Data Sampling (RFDS) is a CPU side-channel vulnerability
that may expose stale register value. CPUs that set RFDS_NO bit in MSR
On 3/13/2024 10:53 PM, Pawan Gupta wrote:
Register File Data Sampling (RFDS) is a CPU side-channel vulnerability
that may expose stale register value. CPUs that set RFDS_NO bit in MSR
IA32_ARCH_CAPABILITIES indicate that they are not vulnerable to RFDS.
Similarly, RFDS_CLEAR indicates that CPU
On 3/19/2024 5:51 AM, Paolo Bonzini wrote:
On Thu, Feb 29, 2024 at 7:01 AM Xiaoyao Li wrote:
Use confidential_guest_kvm_init() instead of calling SEV specific
sev_kvm_init(). As a bouns, it fits to future TDX when TDX implements
its own confidential_guest_support and .kvm_init().
Move
On 3/13/2024 9:27 PM, Gerd Hoffmann wrote:
Query kvm for supported guest physical address bits, in cpuid
function 8008, eax[23:16]. Usually this is identical to host
physical address bits. With NPT or EPT being used this might be
restricted to 48 (max 4-level paging address space size)
On 3/13/2024 11:31 PM, Daniel P. Berrangé wrote:
On Tue, Mar 12, 2024 at 03:44:32PM +0800, Xiaoyao Li wrote:
On 3/11/2024 5:27 PM, Daniel P. Berrangé wrote:
On Thu, Feb 29, 2024 at 01:37:10AM -0500, Xiaoyao Li wrote:
From: Isaku Yamahata
Add property "quote-generation-socket" to
On 3/11/2024 5:27 PM, Daniel P. Berrangé wrote:
On Thu, Feb 29, 2024 at 01:37:10AM -0500, Xiaoyao Li wrote:
From: Isaku Yamahata
Add property "quote-generation-socket" to tdx-guest, which is a property
of type SocketAddress to specify Quote Generation Service(QGS).
On request o
On 3/11/2024 3:29 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
On 3/7/2024 9:51 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
On 2/29/2024 4:51 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
Integrate TDX's TDX_REPORT_FATAL_ERROR into QEMU GuestPanic facility
Originated-from
On 3/10/2024 9:38 PM, Zhao Liu wrote:
Hi Xiaoyao,
case 3: /* L3 cache info */
-die_offset = apicid_die_offset(_info);
if (cpu->enable_l3_cache) {
+addressable_threads_width = apicid_die_offset(_info);
Please get rid of the
t;module" level in 0x1F, decouple CPUID[0x1F] subleaf
with specific topology level.
Tested-by: Yongwei Ma
Signed-off-by: Zhao Liu
Reviewed-by: Xiaoyao Li
Besides, some nits below.
---
Changes since v7:
* Refactored the encode_topo_cpuid1f() to use traversal to search the
encoded l
to detect without touching the
topology details.
This is also in preparation for the follow-up to decouple CPUID[0x1F]
subleaf with specific topology level.
Tested-by: Yongwei Ma
Signed-off-by: Zhao Liu
Reviewed-by: Xiaoyao Li
On 3/7/2024 9:51 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
On 2/29/2024 4:51 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
Integrate TDX's TDX_REPORT_FATAL_ERROR into QEMU GuestPanic facility
Originated-from: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
Changes in v5:
- mention
On 3/7/2024 9:56 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
On 3/7/2024 4:39 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
On 2/29/2024 9:25 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
On 2/29/2024 4:37 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
From: Isaku
On 2/27/2024 6:32 PM, Zhao Liu wrote:
From: Zhao Liu
In cpu_x86_cpuid(), there are many variables in representing the cpu
topology, e.g., topo_info, cs->nr_cores and cs->nr_threads.
Since the names of cs->nr_cores/cs->nr_threads does not accurately
Again as in v7, please changes to
ID to calculate this field.
[1]: APM, vol.3, appendix.E.4.15 Function 8000_001Dh--Cache Topology
Information
Cc: Babu Moger
Tested-by: Yongwei Ma
Signed-off-by: Zhao Liu
Reviewed-by: Xiaoyao Li
---
Changes since v7:
* Moved this patch after CPUID[4]'s similar change ("i386/cpu: U
not similar to addressable_threads_width, the semantic changes
per different cache level. In fact, you want something like
bit_width_of_addressable_threads_sharing_this_level_of_cache.
So I suggest stop using the variable of "address_therads_width". Instead
jus
On 3/5/2024 6:52 PM, Gerd Hoffmann wrote:
Query kvm for supported guest physical address bits, in cpuid
function 8008, eax[23:16]. Usually this is identical to host
physical address bits. With NPT or EPT being used this might be
restricted to 48 (max 4-level paging address space size) even
On 2/29/2024 4:51 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
Integrate TDX's TDX_REPORT_FATAL_ERROR into QEMU GuestPanic facility
Originated-from: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
Changes in v5:
- mention additional error information in gpa when it presents;
- refine
On 2/29/2024 9:28 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
On 2/29/2024 4:40 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
From: Isaku Yamahata
Add property "quote-generation-socket" to tdx-guest, which is a property
of type SocketAddress to specify Quote Generation S
On 3/7/2024 4:39 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
On 2/29/2024 9:25 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
On 2/29/2024 4:37 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
From: Isaku Yamahata
Three sha384 hash values, mrconfigid, mrowner and mrownerconfig
On 3/5/2024 5:10 PM, Isaku Yamahata wrote:
On Thu, Feb 29, 2024 at 01:36:29AM -0500,
Xiaoyao Li wrote:
From: Chao Peng
When geeting KVM_EXIT_MEMORY_FAULT exit, it indicates userspace needs to
do the memory conversion on the RAMBlock to turn the memory into desired
attribute, i.e., private
On 3/4/2024 10:58 PM, Gerd Hoffmann wrote:
On Mon, Mar 04, 2024 at 09:54:40AM +0800, Xiaoyao Li wrote:
On 3/1/2024 6:17 PM, Gerd Hoffmann wrote:
query kvm for supported guest physical address bits using
KVM_CAP_VM_GPA_BITS. Expose the value to the guest via cpuid
(leaf 0x8008, eax, bits
On 3/1/2024 6:17 PM, Gerd Hoffmann wrote:
query kvm for supported guest physical address bits using
KVM_CAP_VM_GPA_BITS. Expose the value to the guest via cpuid
(leaf 0x8008, eax, bits 16-23).
Signed-off-by: Gerd Hoffmann
---
target/i386/cpu.h | 1 +
target/i386/cpu.c | 1 +
On 2/29/2024 9:25 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
On 2/29/2024 4:37 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
From: Isaku Yamahata
Three sha384 hash values, mrconfigid, mrowner and mrownerconfig, of a TD
can be provided for TDX attestation. Detailed meaning of them
On 2/29/2024 4:40 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
From: Isaku Yamahata
Add property "quote-generation-socket" to tdx-guest, which is a property
of type SocketAddress to specify Quote Generation Service(QGS).
On request of GetQuote, it connects to the QGS so
On 2/29/2024 4:37 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
From: Isaku Yamahata
Three sha384 hash values, mrconfigid, mrowner and mrownerconfig, of a TD
can be provided for TDX attestation. Detailed meaning of them can be
found:
https://lore.kernel.org/qemu-devel/31d6dbc1-f453-4cef
TDX doesn't support map different GPAs to same private memory. Thus,
aliasing top 128KB of BIOS as isa-bios is not supported.
On the other hand, TDX guest cannot go to real mode, it can work fine
without isa-bios.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
Changes in v1:
- update
For TDX, the address below 1MB are entirely general RAM. No need to
initialize pc.rom memory region for TDs.
Signed-off-by: Xiaoyao Li
---
This is more as a workaround of the issue that for q35 machine type, the
real memslot update (which requires memslot deletion )for pc.rom happens
after
Integrate TDX's TDX_REPORT_FATAL_ERROR into QEMU GuestPanic facility
Originated-from: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
Changes in v5:
- mention additional error information in gpa when it presents;
- refine the documentation; (Markus)
Changes in v4:
- refine the documentation
TDX only supports readonly for shared memory but not for private memory.
In the view of QEMU, it has no idea whether a memslot is used as shared
memory of private. Thus just mark kvm_readonly_mem_enabled to false to
TDX VM for simplicity.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
Add docs/system/i386/tdx.rst for TDX support, and add tdx in
confidential-guest-support.rst
Signed-off-by: Xiaoyao Li
---
Changes in v5:
- Add TD attestation section and update the QEMU parameter;
Changes since v1:
- Add prerequisite of private gmem;
- update example command to launch TD
Current KVM doesn't support PMU for TD guest. It returns error if TD is
created with PMU bit being set in attributes.
Disable PMU for TD guest on QEMU side.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target
conversion request of non-assigned region to shared and return
success. Otherwise OVMF is confused and panics there.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
accel/kvm/kvm-all.c | 12
1 file changed, 12 insertions(+)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm
Validate TD attributes with tdx_caps that fixed-0 bits must be zero and
fixed-1 bits must be set.
Besides, sanity check the attribute bits that have not been supported by
QEMU yet. e.g., debug bit, it will be allowed in the future when debug
TD support lands in QEMU.
Signed-off-by: Xiaoyao Li
Introduce memory_region_init_ram_guest_memfd() to allocate private
guset memfd on the MemoryRegion initialization. It's for the use case of
TDVF, which must be private on TDX case.
Signed-off-by: Xiaoyao Li
---
Changes in v5:
- drop memory_region_set_default_private() because this function
memory.
Signed-off-by: Xiaoyao Li
---
Changes in v4:
- move the check of kvm_supported_memory_attributes to the common
kvm_set_memory_attributes(); (Wang Wei)
- change warn_report() to error_report() in kvm_set_memory_attributes()
and drop the __func__; (Daniel)
---
accel/kvm/kvm-all.c | 44
=ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v
Signed-off-by: Isaku Yamahata
Co-developed-by: Xiaoyao Li
Signed-off-by: Xiaoyao Li
---
Changes in v5:
- refine the description of QAPI properties and add description of
default value when not specified;
Changes in v4:
- describe more
TD guest can use TDG.VP.VMCALL to request termination
with error message encoded in GPRs.
Parse and print the error message, and terminate the TD guest in the
handler.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 39 +++
target/i386/kvm/tdx.h | 1
.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
hw/i386/x86.c | 1 +
include/hw/i386/x86.h | 1 +
target/i386/kvm/tdx.c | 2 ++
3 files changed, 4 insertions(+)
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index 61c45dfc14dd..6ff2475535bc 100644
--- a/hw/i386/x86.c
+++ b/hw/i386
Intel-PT unsupported for TD
guest, to avoid the confusing warning.
[1]
https://lore.kernel.org/qemu-devel/20230531084311.3807277-1-xiaoyao...@intel.com/
Signed-off-by: Xiaoyao Li
---
Changes in v4:
- newly added patch;
---
target/i386/kvm/tdx.c | 5 +
1 file changed, 5 insertions(+)
diff
evious step);
- add configurable bits (it covers the other part of type #1);
- fix the ones in vmm_fixup;
(Calculated type is ignored since it's determined at runtime).
Co-developed-by: Chenyi Qiang
Signed-off-by: Chenyi Qiang
Signed-off-by: Xiaoyao Li
---
target/i386/cpu.h | 16 +++
t
From: Sean Christopherson
Move the architectural (for lack of a better term) CPUID leaf generation
to a separate helper so that the generation code can be reused by TDX,
which needs to generate a canonical VM-scoped configuration.
Signed-off-by: Sean Christopherson
Signed-off-by: Xiaoyao Li
From: Isaku Yamahata
In mch_realize(), process PAM initialization before SMRAM initialization so
that later patch can skill all the SMRAM related with a single check.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
hw/pci-host/q35.c | 19 ++-
1 file changed, 10
From: Isaku Yamahata
MapGPA is a hypercall to convert GPA from/to private GPA to/from shared GPA.
As the conversion function is already implemented as kvm_convert_memory,
wire it to TDX hypercall exit.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
accel/kvm/kvm-all.c | 2
TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs because
VMM cannot manipulate TDX VM's memory.
Disable SMM for TDX VMs and error out if user requests to enable SMM.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/tdx.c | 8
1 file changed, 8
Invoke KVM_TDX_FINALIZE_VM to finalize the TD's measurement and make
the TD vCPUs runnable once machine initialization is complete.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/tdx.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/target/i386/kvm/tdx.c b
that is the offset of TDX metadata to the end
of firmware file.
Select X86_FW_OVMF when TDX is enable to leverage existing functions
to parse and search OVMF's GUID-ed structures.
Signed-off-by: Isaku Yamahata
Co-developed-by: Xiaoyao Li
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
Changes
fields by removing the bits that
reported from TDX module as configurable. This can adapt with the
updated TDX (module) automatically.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 34 ++
1 file changed, 34 insertions(+)
diff --git a/target/i386/kvm/tdx.c
KVM doesn't allow wirting to MSR_IA32_APICBASE for TDs.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/kvm.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index d23f94b77257..31aed1c9aae0 100644
--- a/target/i386
may change the CPUID
configuration when creating vCPUs, i.e. punts on refactoring QEMU to
provide a stable CPUID config prior to kvm_arch_init().
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
Acked-by: Markus Armbruster
---
Changes in v4:
- mark init_vm with g_autofree() and use
TDX vcpu needs to be initialized by SEAMCALL(TDH.VP.INIT) and KVM
provides vcpu level IOCTL KVM_TDX_INIT_VCPU for it.
KVM_TDX_INIT_VCPU needs the address of the HOB as input. Invoke it for
each vcpu after HOB list is created.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386
From: Isaku Yamahata
Because vMMIO region needs to be shared region, guest TD may explicitly
convert such region from private to shared. Don't complain such
conversion.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
accel/kvm/kvm-all.c | 19 ---
1 file changed
GS.
To avoid no response from QGS server, setup a timer for the transaction.
If timeout, make it an error and interrupt guest. Define the threshold of
time to 30s at present, maybe change to other value if not appropriate.
Signed-off-by: Isaku Yamahata
Codeveloped-by: Chenyi Qiang
Signed-off-by
For TDs, only MSR_IA32_UCODE_REV in kvm_init_msrs() can be configured
by VMM, while the features enumerated/controlled by other MSRs except
MSR_IA32_UCODE_REV in kvm_init_msrs() are not under control of VMM.
Only configure MSR_IA32_UCODE_REV for TDs.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd
Christopherson
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/kvm.c | 11 +++
1 file changed, 11 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 31aed1c9aae0..39113718ea14 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
-by: Isaku Yamahata
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
Changes in v1:
- drop the code of adding mmio resources since OVMF prepares all the
MMIO hob itself.
---
hw/i386/meson.build | 2 +-
hw
From: Isaku Yamahata
TSC of TDs is not accessible and KVM doesn't allow access of
MSR_IA32_TSC for TDs. To avoid the assert() in kvm_get_tsc, make
kvm_synchronize_all_tsc() noop for TDs,
Signed-off-by: Isaku Yamahata
Reviewed-by: Connor Kuehl
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
to do the stuff.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
hw/i386/tdvf.c | 1 +
include/hw/i386/tdvf.h | 7 +++
target/i386/kvm/tdx.c | 31 +++
3 files changed, 39 insertions(+)
diff --git a/hw/i386/tdvf.c b/hw/i386/tdvf.c
index ff51f40088f0
From: Isaku Yamahata
When level trigger isn't supported on x86 platform,
forcibly report edge trigger in acpi tables.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
hw/i386/acpi-build.c | 99 ---
hw/i386/acpi
and error out if user wants PIC.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/tdx.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index c3fadbc5c58e..0225a9b79b36 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm
TDX CPU state is protected and thus vcpu state cann't be reset by VMM.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/kvm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 2748086231d5..b1b0384b0c5c
.pdf
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
include/standard-headers/uefi/uefi.h | 198 +++
1 file changed, 198 insertions(+)
create mode 100644 include/standard-headers/uefi/uefi.h
diff --git a/include/standard-headers/uefi/uefi.h
b/include/standard
, the original image located in shared
ramblock can be discarded.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
Changes in v1:
- rename variable @metadata to @flags
---
target/i386/kvm/tdx.c | 47 +++
1 file changed
Reuse "-cpu,tsc-frequency=" to get user wanted tsc frequency and call VM
scope VM_SET_TSC_KHZ to set the tsc frequency of TD before KVM_TDX_INIT_VM.
Besides, sanity check the tsc frequency to be in the legal range and
legal granularity (required by TDX module).
Signed-off-by: Xiaoyao
-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 8 ++
target/i386/kvm/tdx-stub.c | 5
target/i386/kvm/tdx.c | 53 ++
target/i386/kvm/tdx.h | 14 ++
4 files changed, 80 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
TD runs and no need to be accepted runtime.
The TdxRamEntries[] are later used to setup the memory TD resource HOB
that passes memory info from QEMU to TDVF.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
Changes in v3:
- use enum TdxRamType in struct TdxRamEntry; (Isaku)
- Fix
LMCE is not supported TDX since KVM doesn't provide emulation for
MSR_IA32_FEAT_CTL.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm-cpu.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/kvm/kvm-cpu.c b/target/i386/kvm/kvm-cpu.c
index 9c791b7b0520..8c618869533c 100644
Signed-off-by: Sean Christopherson
Signed-off-by: Xiaoyao Li
---
hw/i386/pc_q35.c | 2 ++
hw/pci-host/q35.c | 42 +++
include/hw/i386/pc.h | 1 +
include/hw/pci-host/q35.h | 1 +
4 files changed, 33 insertions(+), 13 deletions
it needs to be located at private memory.
Also store the MemoryRegion pointer of TDVF since the shared ramblock of
it can be discared after it gets copied to private ramblock.
Signed-off-by: Chao Peng
Co-developed-by: Xiaoyao Li
Signed-off-by: Xiaoyao Li
---
hw/i386/x86.c | 13
For QEMU VMs, PKS is configured via CPUID_7_0_ECX_PKS and PMU is
configured by x86cpu->enable_pmu. Reuse the existing configuration
interface for TDX VMs.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/tdx.c | 13 +
1 file changed, 13 insertions(+)
d
1 - 100 of 858 matches
Mail list logo
